Internet, Information Technology & e-Discovery Blog (https://www.vogelitlawblog.com)
Social changes brought about by the Internet & Technology

Of course, testing is 1 of the 5 easy steps to beat Ransomware!
Tue, 12 Dec 2017 19:10:03 +0000

Unitrends issued a white paper which stated that “the truth is that all industries are vulnerable to ransomware. Email, databases and business applications run on similar infrastructure and operating systems across all industries.” The white paper, entitled “Beat Ransomware in 5 Easy Steps, Be Prepared to Fight or Be Prepared to Pay,” included these comments about Step 3, Test, Test and Test Again:

Even the FBI agrees that the only truly effective way to combat ransomware is to regularly back up data and verify the integrity of those backups.

Testing provides many advantages in the fight against ransomware. Testing ensures:

backups are not infected with the ransomware and can be used for data recovery

recovery will be successful for both physical & virtual machines

RPO and RTO compliance reports can be generated for HIPAA and other certifications

Here are all 5 Steps:

Step 1 – Protect yourself

Step 2 – Secure your Infrastructure

Step 3 – Test, Test and Test Again

Step 4 – Proactive Detection

Step 5 – Fast Recovery

All businesses need to be ready for ransomware!

Note to Ransomware Criminals – North Carolina Counties will not pay ransom…so go elsewhere!
Fri, 08 Dec 2017 13:10:10 +0000

The New York Times reported that Mecklenburg County, North Carolina (which includes the city of Charlotte) refused to “pay a $23,000 ransom to a group of hackers who seized control of several government computer systems” and the County was operating without “the internet, civil servants were doing their jobs using “paper processes.”” The December 6, 2017 report entitled “North Carolina County Refuses to Pay $23,000 Ransom to Hackers” included these comments:

Officials said they believed the hackers had not obtained the personal information of any employees or private citizens.

The targeted systems included those of the tax assessor’s office and the Parks and Recreation and Social Services Departments, the county said in a statement.

Dena R. Diorio (the Mecklenburg County manager) issued this statement:

I am confident that our backup data is secure and we have the resources to fix this situation ourselves,…

It will take time, but with patience and hard work, all of our systems will be back up and running as soon as possible.

Let’s see if the backup contained malware before Mecklenburg County is out of the woods!

Are you kidding me? Only 15% of US companies have insurance for their data!
Wed, 06 Dec 2017 00:18:49 +0000

One might conclude it makes a lot of sense to insure business data after considering Tableau’s report that included Ponemon’s estimate that the “average total cost of a data breach was estimated at $3.62 million.” The December 2017 report entitled “2018 Top 10 Business Intelligence Trends” included #5, Rise of the Chief Data Officer (CDO):

The fact that CDO’s and/or CAO’s are being appointed and assigned accountability for business impact and improved outcomes, also demonstrates the strategic value of data and analytics in modern organizations.

Also the report included these comments from Peter Cregger (CDO at FNI):

My job is to bring tools and technologies and empower the team.

You have to decide where the pain point is.

What is the real risk to your business?

Here are all 10 trends:

Don’t Fear AI (Artificial Intelligence)

Liberal Arts Impact

Promise of NLP (Natural Language Processing)

Multi-Cloud Debate

Rise of the CDO

Crowd Sourced Governance

Data Insurance

Data Engineer Role

Location IoT (Internet of Things)

Academics Investment

No surprises in this list!

Uber paid a ransom to hackers who stole 57 million Uber records last year!
Wed, 29 Nov 2017 22:08:52 +0000

The New York Times reported that Uber fired its security officer after “two hackers stole data about the company’s riders and drivers — including phone numbers, email addresses and names — from a third-party server and then approached Uber and demanded $100,000 to delete their copy of the data.” The November 21, 2017 report entitled “Uber Hid 2016 Breach, Paying Hackers to Delete Stolen Data” included these details about how Uber reacted to the hackers:

The company tracked down the hackers and pushed them to sign nondisclosure agreements, according to the people familiar with the matter.

To further conceal the damage, Uber executives also made it appear as if the payout had been part of a “bug bounty” — a common practice among technology companies in which they pay hackers to attack their software to test for soft spots.

The fact that 48 states and 89 countries require breach reporting did not make it onto Uber’s radar, which will surely be a problem as we watch this unfold.

Will the Supreme Court rely on a 1979 case (think 18,134 Internet years) for Internet/cellphone privacy in 2017?
Mon, 27 Nov 2017 14:48:21 +0000

On November 29th the US Supreme Court will consider the case of US v. Carpenter where “police acquired the data from Carpenter’s wireless carriers without a warrant showing probable cause” which led to Timothy Carpenter’s conviction that he was “leading a gang of robbers” and the “prosecution produced cellphone-tower data that tracked the whereabouts of Carpenter’s cellphone for more than four months and placed him at or near the sites of a string of armed robberies.”

The Washington Post published an article on November 26, 2017 by Stephen Sachs, who was Maryland’s Attorney General from 1979 to 1987, entitled “The Supreme Court’s privacy precedent is outdated,” in which he commented that in 1979 he “argued and won Smith v. Maryland when I was Maryland’s attorney general. I believe it was correctly decided. But I also believe it has long since outlived its suitability as precedent.” As Mr. Sachs pointed out, the 6th Circuit Court of Appeals relied on Smith v. Maryland in the Carpenter case.

Mr. Sachs supports a new legal construction of privacy in 2017 relying on Justice Sonia Sotomayor, in her concurring opinion in the 2012 case of US v. Jones, which held:

….that the clandestine and warrantless attachment of a GPS tracking device to a defendant’s car was an unconstitutional search.

…the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.

People disclose the phone numbers that they dial or text to their cellular providers; the URLs that they visit and the email addresses with which they correspond to their internet service providers; and the books, groceries and medications they purchase to online retailers.

It will be interesting to see how the Supreme Court rules in US v. Carpenter.

watch for suspicious requests, such as a change in a vendor’s payment location

avoid clicking on links or attachments from unknown senders. Doing so could download malware onto your company’s computers, making you vulnerable to a hack.

All good advice, but Spearphishing/BEC continues to cause substantial losses…so people really need to follow this advice!

100% of businesses affected by mobile malware (think BYOD)!
Fri, 17 Nov 2017 18:25:53 +0000

Darkreading reported that every “business with BYOD and corporate mobile device users across the globe has been exposed to mobile malware.” The November 17, 2017 report entitled “Mobile Malware Incidents Hit 100% of Businesses” included these comments:

…BYOD devices are usually more susceptible to attack than corporate devices because they are not managed by such security measures as an enterprise mobility management platform or mobile threat management platform.

These platforms can restrict some of the more liberal permissions and user settings on BYOD devices…

Is this a wake-up call, or just old news?

Whoa! Did you know that Equifax claims to own your data?
Mon, 13 Nov 2017 14:44:29 +0000

In testimony before the US Senate we hear that it is “Equifax, and not consumers, that owns all the granular data collected about them, and that consumers cannot request to exit the company’s files.” The Washington Post’s report on November 8, 2017 entitled “Equifax says it owns all its data about you” started with a comment about the “personal information it harvests for profit,” which for Equifax comes as no surprise. During the Senate hearing Paulino do Rego Barros (Equifax’s interim CEO) explained “why consumers do not have a say in opting in or out of the company’s data collection”:

This is part of the way the economy works,

I think it’s not my perspective to say it’s right or wrong.

This is pretty alarming and most consumers do not see it that way, so it will be interesting to see how the massive Equifax litigation uses this information.

SEO enables hackers to make their links more dominant in search results.

In this case, attackers are “poisoning” the results for specific keywords related to banking and finance, effectively narrowing their victim pool to a specific group so they can steal financial information.

The article included these comments from Earl Carter (threat researcher for Cisco Talos and one of the authors who detailed this discovery):

SEO poisoning by itself isn’t really new,…People have always been trying to manipulate search results. What was unique is they’re using it in the distribution of malware.

We all need to rely on common sense with search engines!

Watch out!! “Mobile Messaging Apps” are the new home for the Dark Web!
Sun, 29 Oct 2017 13:56:28 +0000

Darkreading reported that “mobile messaging apps are rising in favor as the newest Dark Web alternatives that crooks have landed upon to do business with one another.” The October 26, 2017 report entitled “Dark Web Marketplaces’ New Home: Mobile Messaging Apps” has the subtitle “Telegram, Discord, Whatsapp grow in popularity as criminals look for more alternatives to fly under the radar” and includes these comments:

With all this turmoil, the dark net community is clearly now looking for different platforms to continue promoting their business,…

With the promise of end to end encryption and secrecy, the instant messaging platform is flourishing with illegal trade,…

Regional and international groups across the world are using the application to spread their merchandise with P2P sales.

Users can find illegal drugs that can be delivered within hours all the way to stolen credit card information for sale.

Actually no one should be surprised, but all the more reason to be vigilant.